Very cool article, love these.<p>> This brute force approach would work for short codes, but not for long ones. To generate all of the length 10 sequences would require computing about a billion hashes (8^10). That would work on my laptop, but length 11 codes (8 billion hashes) would be take a while, and 12 (68 billion hashes) would be a stretch.<p>We live in the future though. 68 billion hashes is absolutely possible on a laptop.
Neat discovery. I would argue that this isn't really a dictionary attack because by taking permutations of words, you are not searching for actual words like STUD. Straightforward brute force may be cleaner, faster, and avoid duplicates.<p>Breaking simple (non-cryptographic) hashes is <i>usually</i> a great use case for an SMT solver like Microsoft's Z3. Unfortunately the approach is mostly defeated by the mapping of the input buttons to a set of arbitrary constants, so it resorts to considering a large number of disjunct possibilities---basically a very fancy brute force.<p>Nonetheless, I took a stab at it and I was indeed able to find the solution TXTUDUTXTUDUTXTUDU -- but I had to cheat and tell it the code repeats 3 times.<p><a href="https://gist.github.com/rgov/e2d8f6831288ca739d5c51b0c9f4005b" rel="nofollow">https://gist.github.com/rgov/e2d8f6831288ca739d5c51b0c9f4005...</a>